Archives mensuelles pour 9 2015

Information This level is a remote blind format string level. The ‘already written’ bytes can be variable, and is based upon the length of the IP address and port number. When you are exploiting this and you don’t necessarily know your IP address and port number (proxy, NAT / DNAT, etc), you can determine that ...

Information This level combines a stack overflow and network programming for a remote overflow. Hints: depending on where you are returning to, you may wish to use a toupper() proof shellcode. Core files will be in /tmp. This level is at /opt/protostar/bin/final0 Source code Solution This level introduces remote buffer overflow. The vulnerability is located ...

Information This level tests the ability to understand code, and implement a simple network protocol. This level is at /opt/protostar/bin/net3 Source code Solution Again, it is a server waiting for a connection on port 2996. After the connection, it reads a value from the network and it converts it in host byte order (big endian) ...

Information This code tests the ability to add up 4 unsigned 32-bit integers. Hint: Keep in mind that it wraps. This level is at /opt/protostar/bin/net2 Source code Solution Again, a server is waiting on the port 2997. It sends 4 integer in little endian format and it waits in return the sum of them in ...

Information This level tests the ability to convert binary integers into ascii representation. This level is at /opt/protostar/bin/net1 Source code Solution This level is nearly the same as the previous one, excepted that the server sends the integer in little endian format, and it waits its’ ASCII value. I use the following python script : ...

Information This level takes a look at converting strings to little endian integers. This level is at /opt/protostar/bin/net0 Source code Solution In this level, a server is waiting for a connection on the port 29999. When connected, it generates an unisgned integer : wanted = random(); It sends it to the client : printf(« Please send ...

Information This level introduces the Doug Lea Malloc (dlmalloc) and how heap meta data can be modified to change program execution. This level is at /opt/protostar/bin/heap3 Source code Solution In this level, the goal is to overwrite the content of the GOT entry of printf() (in fact puts()) with the memory address of winner() The ...